Artefacts

We aim to deliver sectorwide operational resilience improvements to benefit the safety and security of customers through trusted and effective collaboration

Welcome to the CMORG Artefact library

This brings together all CMORG outputs that are accessible to industry participants. You can register to access all of these here, but to receive a response, you must provide an industry email address and be a direct industry participant.

Filter by:

Third Party
System integrity Reconnection Framework
Guidance to the UK financial sector to aid the process of resuming business and safely reconnecting an organisation that has been technically quarantined after suffering a material cyber incident.
Read more
Technology and cyber
Log4J Lessons Learned
Sector learnings from the Log4j incident to optimise the approaches undertaken by larger firms and support capability building across the wider sector.
Read more
Technology and cyber
Data Vaulting Reference Architecture
Best practice approach in which data is captured and reused in response to malicious data destruction events using a cloud hosted data vault.
Read more
Payments
Payments Prioritisation (Wholesale)
Common definitions of critical GBP wholesale payments to support prioritisation across the sector during severe but plausible operational disruption.
Read more
Technology and cyber
Third Party Information Security Management
Guidance in conjunction with the NCSC on managing third party information security to minimise the risk that an inconsistent or outdated approach leaves the sector more vulnerable to attacks.
Read more
Technology and cyber
Cloud Control Framework
A cloud framework to support consistent adoption of controls and practices across shared accountability models between FS firms and Cloud Services Providers.
Read more
Technology and cyber
Security in the Cloud
Guidance on how to plan and implement security in the Cloud to optimise the approach undertaken by CMORG firms and support capability building across the wider sector.
Read more
Technology and cyber
Cyber Incident Reporting Framework (Ghostbusters Guide)
A single reference guide for current cyber incident reporting requirements and expected response across FSCCC, government, regulators and law enforcement. Includes decision-tree and supporting annex.
Read more
Sector Response
Custody Contingency Sector Response Principles
To ensure market participants have better awareness of Custody contingency planning through a set of documented principles to support sector wide response.
Read more